Fix deferring free object that refcount is more than 1 (#14738)

in https://github.com/redis/redis/pull/14440, we remove the refcount check in [tryDeferFreeClientObject](235e688b01 (diff-252bce0cc340542712f0c1adf62e9035ea47a4a064321fbf40ec3dd4b814aaf2R1509)), it is ok in 8.4 version, since after command execution, the refcount of a kvobject always is 1. but in #14608 (8.6 RC1) we change this assumption, increment refcount when a client refer a kvobject in reply, so now if the refcount of kvobject is more than 1, we may let the io thread call `decrRefCount`, there is data race, maybe it causes memory leak.
2026-02-03 20:39:54 -05:00 · 2026-01-25 18:41:16 +08:00 · 2026-01-25 18:41:16 +08:00 · 6e2cbd51c3
commit 6e2cbd51c3
parent 18538461d1
1 changed files with 1 additions and 1 deletions
--- a/src/db.c
+++ b/src/db.c
@ -687,7 +687,7 @@ static void dbSetValue(redisDb *db, robj *key, robj **valref, dictEntryLink link
        }
    }

-    if (server.io_threads_num > 1 && old->encoding == OBJ_ENCODING_RAW) {
+    if (server.io_threads_num > 1 && old->encoding == OBJ_ENCODING_RAW && old->refcount == 1) {
        /* In multi-threaded mode, the OBJ_ENCODING_RAW string object usually is
         * allocated in the IO thread, so we defer the free to the IO thread.
         * Besides, we never free a string object in BIO threads, so, even with